To see how to join a computer to a managed domain, let's create a Windows Server VM. This VM is connected to an Azure virtual network that provides connectivity to the managed domain. The process to join a managed domain is the same as joining a regular on-premises Active Directory Domain Services domain.
If you already have a VM that you want to domain-join, skip to the section to join the VM to the managed domain.
From the Azure portal menu or from the Home page, select Create a resource.
From Get started, choose Windows Server 2016 Datacenter.
In the Basics window, configure the core settings for the virtual machine. Leave the defaults for Availability options, Image, and Size.
By default, VMs created in Azure are accessible from the Internet using RDP. When RDP is enabled, automated sign-in attacks are likely to occur, which may disable accounts with common names such as admin or administrator due to multiple failed successive sign-in attempts.
RDP should only be enabled when required, and limited to a set of authorized IP ranges. This configuration helps improve the security of the VM and reduces the area for potential attack. Or, create and use an Azure Bastion host that allows access only through the Azure portal over TLS. In the next step of this tutorial, you use an Azure Bastion host to securely connect to the VM.
Under Public inbound ports, select None.
When done, select Next: Disks.
From the drop-down menu for OS disk type, choose Standard SSD, then select Next: Networking.
Your VM must connect to an Azure virtual network subnet that can communicate with the subnet your managed domain is deployed into. We recommend that a managed domain is deployed into its own dedicated subnet. Don't deploy your VM in the same subnet as your managed domain.
There are two main ways to deploy your VM and connect to an appropriate virtual network subnet:
Create a new subnet, or select an existing one, in the same virtual network where your managed domain is deployed.
Select a subnet in an Azure virtual network that is connected to it using Azure virtual network peering.
If you select a virtual network subnet that isn't connected to the subnet for your managed domain, you can't join the VM to the managed domain. For this tutorial, let's create a new subnet in the Azure virtual network.
In the Networking pane, select the virtual network in which your managed domain is deployed, such as aaads-vnet.
In this example, the existing aaads-subnet is shown that the managed domain is connected to. Don't connect your VM to this subnet. To create a subnet for the VM, select Manage subnet configuration.
In the left-hand menu of the virtual network window, select Address space. The virtual network is created with a single address space of 10.0.2.0/24, which is used by the default subnet. Other subnets, such as for workloads or Azure Bastion, may also already exist.
Add an additional IP address range to the virtual network. The size of this address range and the actual IP address range to use depends on other network resources already deployed. The IP address range shouldn't overlap with any existing address ranges in your Azure or on-premises environment. Make sure that you size the IP address range large enough for the number of VMs you expect to deploy into the subnet.
In the following example, an additional IP address range of 10.0.5.0/24 is added. When ready, select Save.
Reference: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm
Hope this information can help you
Best wishes
Vicky
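The portal steps described in the answer above, scripted with the Az PowerShell module as an added example (this is not code from the answer or from the Microsoft documentation it references). The resource group, VM name, location, VM size and the new subnet name (vm-subnet) are assumptions; aaads-vnet, aaads-subnet and 10.0.5.0/24 are taken from the answer. The Test-CidrOverlap helper is written for this example to enforce the "must not overlap an existing address range" rule before the range is added; the Azure cmdlets themselves are the documented Az cmdlets. The VM gets no public IP address and an NSG with only the default rules, which is the scripted equivalent of "Public inbound ports: None", so the only way in is Azure Bastion or another host on the peered network.

```powershell
# Added example: Az PowerShell equivalent of the portal steps.
# Names marked "assumption" are not from the answer; change them to match your environment.
$rg           = "aaads-rg"         # assumption
$location     = "eastus"           # assumption
$vnetName     = "aaads-vnet"       # from the answer
$domainSubnet = "aaads-subnet"     # from the answer: the managed domain's subnet, never used for VMs
$vmSubnetName = "vm-subnet"        # assumption
$vmSubnetCidr = "10.0.5.0/24"      # from the answer
$vmName       = "aaads-vm01"       # assumption
$vmSize       = "Standard_D2s_v3"  # assumption

if ($vmSubnetName -eq $domainSubnet) { throw "VMs must not be placed in the managed domain's subnet" }

# Helper written for this example: do two IPv4 CIDR ranges overlap?
function Test-CidrOverlap {
    param([string]$A, [string]$B)
    $parse = {
        param([string]$Cidr)
        $ip, $bits = $Cidr.Split('/')
        $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($bytes)                                  # BitConverter expects little-endian
        $addr = [BitConverter]::ToUInt32($bytes, 0)
        # 2^32 - 2^(32-bits) is the netmask, avoiding 32-bit shift edge cases
        $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
        [pscustomobject]@{ Addr = $addr; Mask = $mask; Bits = [int]$bits }
    }
    $a = & $parse $A
    $b = & $parse $B
    $m = if ($a.Bits -le $b.Bits) { $a.Mask } else { $b.Mask }  # compare under the shorter prefix
    return (($a.Addr -band $m) -eq ($b.Addr -band $m))
}

$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg

# Guard rail: the new range must not collide with anything already in the VNet.
# On-premises ranges are not visible from here; check those against your own IPAM.
foreach ($prefix in $vnet.AddressSpace.AddressPrefixes) {
    if (Test-CidrOverlap $prefix $vmSubnetCidr) {
        throw "$vmSubnetCidr overlaps existing address space $prefix; choose another range"
    }
}

# Portal: Address space > add 10.0.5.0/24, then Subnets > add vm-subnet
$vnet.AddressSpace.AddressPrefixes.Add($vmSubnetCidr)
Add-AzVirtualNetworkSubnetConfig -Name $vmSubnetName -AddressPrefix $vmSubnetCidr -VirtualNetwork $vnet | Out-Null
$vnet   = $vnet | Set-AzVirtualNetwork
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $vmSubnetName -VirtualNetwork $vnet

# NSG with only the default rules (no inbound from Internet) and a NIC with no public IP:
# this is the scripted form of "Public inbound ports: None".
$nsg = New-AzNetworkSecurityGroup -Name "$vmName-nsg" -ResourceGroupName $rg -Location $location
$nic = New-AzNetworkInterface -Name "$vmName-nic" -ResourceGroupName $rg -Location $location `
        -SubnetId $subnet.Id -NetworkSecurityGroupId $nsg.Id

# Windows Server 2016 Datacenter on a Standard SSD OS disk, as in the portal walkthrough
$cred = Get-Credential -Message "Local administrator for $vmName (not a domain account)"
$vm = New-AzVMConfig -VMName $vmName -VMSize $vmSize
$vm = Set-AzVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate
$vm = Set-AzVMSourceImage -VM $vm -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus "2016-Datacenter" -Version "latest"
$vm = Set-AzVMOSDisk -VM $vm -CreateOption FromImage -StorageAccountType "StandardSSD_LRS"
$vm = Add-AzVMNetworkInterface -VM $vm -Id $nic.Id
New-AzVM -ResourceGroupName $rg -Location $location -VM $vm

# Post-check: confirm nothing gave the VM a public address
$nicCheck = Get-AzNetworkInterface -Name "$vmName-nic" -ResourceGroupName $rg
if ($nicCheck.IpConfigurations[0].PublicIpAddress) {
    Write-Warning "$vmName has a public IP attached; remove it and rely on Azure Bastion"
} else {
    "No public IP on $vmName; connect through Azure Bastion on $vnetName"
}
```

Once you are on the VM through Bastion, the join itself is the ordinary Windows domain join the answer refers to (for example the standard `Add-Computer -DomainName` cmdlet run in the guest with an account that has rights in the managed domain). Because the script rejects overlapping Azure ranges but cannot see on-premises address space, keep the manual check against your on-premises ranges that the answer calls for.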